Netgear Posts Final Firmware For Routers Affected By Dangerous Remote Exploit

Earlier this month, we informed you of a nasty vulnerability in certain Netgear routers that opened them up to remote exploits, including “arbitrary command injection” by nefarious parties. Four months after Netgear was first notified about the exploit, no response from the company (or fix) was provided, so a proof of concept was unleashed into the wild.

Needless to say, the public reveal of the vulnerability kicked things into high gear for Netgear, and it issued beta firmware updates for the affected routers. While we initially thought that the vulnerability affected just three routers — the R6400, R7000, and R8000 — Netgear’s investigation found that additional routers were also compromised. These included the R6250, R6700, R6900, R7100LG, R7300, R7900, and D6220.

netgear r7000

While final “production” firmware was already available for the R6250, R6400, R7000 and R8000, Netgear today is issuing final production-quality firmware for all routers affected by VU#582384 (as identified by CERT). For its part in this whole matter, Netgear issued the following statement:

It is Netgear’s mission to be the innovative leader in connecting the world to the internet. To achieve this mission, we strive to earn and maintain the trust of those that use Netgear products for their connectivity. We do take the security of our products and our customers’ networks seriously. 

Netgear constantly monitors for both known and unknown threats. Being pro-active rather than re-active to emerging security issues is fundamental for product support at Netgear. 

Although some would question Netgear’s adherence to the last sentence in the statement in regards to this exploit, we have to commend the company for getting beta patches and then the final patches out in a relatively quick fashion (following the public disclosure).

To download the newest firmware for affected routers, head on over to Netgear’s support website.